diff --git a/dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java b/dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java index 6b5d7f9003..ea1fb87ff4 100644 --- a/dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java +++ b/dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java @@ -590,8 +590,11 @@ public class AuthorizeUtil { authorizeManageAdminGroup(context, collection); return; } - - + // if we reach this point, it means that the group is related + // to a collection but as it is not the submitters, nor the administrators, + // nor a workflow groups it must be a default item/bitstream groups + authorizeManageDefaultReadGroup(context, collection); + return; } if (parentObject.getType() == Constants.COMMUNITY) { Community community = (Community) parentObject; diff --git a/dspace-api/src/main/java/org/dspace/eperson/GroupServiceImpl.java b/dspace-api/src/main/java/org/dspace/eperson/GroupServiceImpl.java index 7c23216458..449ddca973 100644 --- a/dspace-api/src/main/java/org/dspace/eperson/GroupServiceImpl.java +++ b/dspace-api/src/main/java/org/dspace/eperson/GroupServiceImpl.java @@ -23,7 +23,9 @@ import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.tuple.Pair; import org.dspace.authorize.AuthorizeConfiguration; import org.dspace.authorize.AuthorizeException; +import org.dspace.authorize.ResourcePolicy; import org.dspace.authorize.service.AuthorizeService; +import org.dspace.authorize.service.ResourcePolicyService; import org.dspace.content.Collection; import org.dspace.content.DSpaceObject; import org.dspace.content.DSpaceObjectServiceImpl; @@ -76,6 +78,8 @@ public class GroupServiceImpl extends DSpaceObjectServiceImpl implements @Autowired(required = true) protected AuthorizeService authorizeService; + @Autowired(required = true) + protected ResourcePolicyService resourcePolicyService; protected GroupServiceImpl() { super(); 
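Review bot: The new fall-through in AuthorizeUtil's collection branch authorizes by elimination. Any group whose parent resolves to a collection, and which is not the submitters, administrators or a workflow group, reaches `authorizeManageDefaultReadGroup(context, collection)` without a check that it really is a default item/bitstream read group. This is only safe while the parent lookup returns a collection for exactly those group kinds, which this hunk cannot show; a collection-linked group type added later would silently inherit the permission. I would test the default-read relationship explicitly before the call and deny otherwise, or at least extend the comment to something like `// relies on GroupService.getParentObject returning a collection only for role, workflow and default-read groups`. The enclosing method starts and ends outside the hunk.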
@@ -654,6 +658,21 @@ public class GroupServiceImpl extends DSpaceObjectServiceImpl implements return collectionService.getParentObject(context, collection); } } + } else { + if (AuthorizeConfiguration.canCollectionAdminManagePolicies()) { + List groups = new ArrayList(); + groups.add(group); + List policies = resourcePolicyService.find(context, null, groups, + Constants.DEFAULT_ITEM_READ, Constants.COLLECTION); + if (policies.size() > 0) { + return policies.get(0).getdSpaceObject(); + } + policies = resourcePolicyService.find(context, null, groups, + Constants.DEFAULT_BITSTREAM_READ, Constants.COLLECTION); + if (policies.size() > 0) { + return policies.get(0).getdSpaceObject(); + } + } } } if (AuthorizeConfiguration.canCommunityAdminManageAdminGroup()) { diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/CollectionGroupRestControllerIT.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/CollectionGroupRestControllerIT.java index 58d5ff93ad..7464e9c38c 100644 --- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/CollectionGroupRestControllerIT.java +++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/CollectionGroupRestControllerIT.java @@ -35,7 +35,6 @@ import org.dspace.eperson.Group; import org.dspace.eperson.service.GroupService; import org.dspace.workflow.WorkflowService; import org.junit.Before; -import org.junit.Ignore; import org.junit.Test; import org.springframework.beans.factory.annotation.Autowired; 
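Review bot: In the GroupServiceImpl hunk at -654, the new `else` branch infers the owning collection from any `DEFAULT_ITEM_READ` or `DEFAULT_BITSTREAM_READ` policy the group holds and returns `policies.get(0).getdSpaceObject()`. It never confirms that the group is the one created for that collection's default-read role. A shared group that was merely granted default read on a collection would therefore be reported as belonging to it, and the AuthorizeUtil change in this commit would then let that collection's administrators edit its membership. When the group holds such policies on several collections, the result also depends on the order `find` returns them. I would verify the group is the collection's own default-read group before returning it (falling through otherwise), and add a comment stating that assumption. The branch is gated only on `canCollectionAdminManagePolicies()`; the rest of the method is outside the hunk, so it is unclear whether the community-admin settings should also apply here.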
@@ -971,11 +970,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati jsonPath("$", GroupMatcher.matchGroupEntry(role.getID(), role.getName()))); } - // Put on ignore because there's no support to identify read rights on a group for a user in a special - // com/coll admin group - // Please refer to: https://jira.lyrasis.org/browse/DS-4505 @Test - @Ignore public void getCollectionDefaultItemReadGroupTestParentCommunityAdmin() throws Exception { context.turnOffAuthorisationSystem(); String itemGroupString = "ITEM"; @@ -993,11 +988,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati jsonPath("$", GroupMatcher.matchGroupEntry(role.getID(), role.getName()))); } - // Put on ignore because there's no support to identify read rights on a group for a user in a special - // com/coll admin group - // Please refer to: https://jira.lyrasis.org/browse/DS-4505 @Test - @Ignore public void getCollectionDefaultItemReadGroupTestCollectionAdmin() throws Exception { context.turnOffAuthorisationSystem(); String itemGroupString = "ITEM"; @@ -1120,13 +1111,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati } - - - // Put on ignore because there's no support to identify read rights on a group for a user in a special - // com/coll admin group - // Please refer to: https://jira.lyrasis.org/browse/DS-4505 @Test - @Ignore public void postCollectionDefaultItemReadGroupCreateDefaultItemReadGroupSuccessParentCommunityAdmin() throws Exception { 
@@ -1161,12 +1146,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati } - - // Put on ignore because there's no support to identify read rights on a group for a user in a special - // com/coll admin group - // Please refer to: https://jira.lyrasis.org/browse/DS-4505 @Test - @Ignore public void postCollectionDefaultItemReadGroupCreateDefaultItemReadGroupSuccessCollectionAdmin() throws Exception { ObjectMapper mapper = new ObjectMapper(); @@ -1475,11 +1455,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati jsonPath("$", GroupMatcher.matchGroupEntry(role.getID(), role.getName()))); } - // Put on ignore because there's no support to identify read rights on a group for a user in a special - // com/coll admin group - // Please refer to: https://jira.lyrasis.org/browse/DS-4505 @Test - @Ignore public void getCollectionDefaultBitstreamReadGroupTestParentCommunityAdmin() throws Exception { context.turnOffAuthorisationSystem(); String bitstreamGroupString = "BITSTREAM"; @@ -1497,11 +1473,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati jsonPath("$", GroupMatcher.matchGroupEntry(role.getID(), role.getName()))); } - // Put on ignore because there's no support to identify read rights on a group for a user in a special - // com/coll admin group - // Please refer to: https://jira.lyrasis.org/browse/DS-4505 @Test - @Ignore public void getCollectionDefaultBitstreamReadGroupTestCollectionAdmin() throws Exception { context.turnOffAuthorisationSystem(); String bitstreamGroupString = "BITSTREAM"; 
@@ -1627,13 +1599,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati } - - - // Put on ignore because there's no support to identify read rights on a group for a user in a special - // com/coll admin group - // Please refer to: https://jira.lyrasis.org/browse/DS-4505 @Test - @Ignore public void postCollectionDefaultBitstreamReadGroupCreateDefaultBitstreamReadGroupSuccessParentCommunityAdmin() throws Exception { @@ -1668,12 +1634,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati } - - // Put on ignore because there's no support to identify read rights on a group for a user in a special - // com/coll admin group - // Please refer to: https://jira.lyrasis.org/browse/DS-4505 @Test - @Ignore public void postCollectionDefaultBitstreamReadGroupCreateDefaultBitstreamReadGroupSuccessCollectionAdmin() throws Exception { diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java index 9de5eabe94..8d42788df4 100644 --- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java +++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java 
@@ -1915,18 +1915,18 @@ public class EPersonRestRepositoryIT extends AbstractControllerIntegrationTest { String tokenAdminCol = getAuthToken(adminCol.getEmail(), password); String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password); - getClient(tokenAdminCol).perform(get("/api/eperson/epersons/search/byMetadata") - .param("query", "Rossi")) - .andExpect(status().isOk()) - .andExpect(content().contentType(contentType)) - .andExpect(jsonPath("$._embedded.epersons", Matchers.containsInAnyOrder( - EPersonMatcher.matchEPersonEntry(adminChild1), - EPersonMatcher.matchEPersonEntry(adminCol), - EPersonMatcher.matchEPersonEntry(col1Submitter) - ))) - .andExpect(jsonPath("$.page.totalElements", is(3))); - for (String prop : confPropsCollectionAdmins) { + getClient(tokenAdminCol).perform(get("/api/eperson/epersons/search/byMetadata") + .param("query", "Rossi")) + .andExpect(status().isOk()) + .andExpect(content().contentType(contentType)) + .andExpect(jsonPath("$._embedded.epersons", Matchers.containsInAnyOrder( + EPersonMatcher.matchEPersonEntry(adminChild1), + EPersonMatcher.matchEPersonEntry(adminCol), + EPersonMatcher.matchEPersonEntry(col1Submitter) + ))) + .andExpect(jsonPath("$.page.totalElements", is(3))); + configurationService.setProperty(prop, false); } 
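Review bot: Moving the `search/byMetadata` request inside `for (String prop : confPropsCollectionAdmins)` changes what is asserted, and nothing in the test says so. The request now runs before each property is switched off, so it checks that the collection admin keeps access while at least one of the properties is still enabled. A one-line comment at the top of the loop would make that intent reviewable, for example `// access must remain granted until every one of these properties is disabled`. The same applies to the `confPropsCommunityAdmins` loop in the next hunk and to both loops changed in GroupRestRepositoryIT (hunks at -2061 and -2079). The test method begins and ends outside these hunks.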
@@ -1934,18 +1934,18 @@ public class EPersonRestRepositoryIT extends AbstractControllerIntegrationTest { .param("query", "Rossi")) .andExpect(status().isForbidden()); - getClient(tokenAdminComm).perform(get("/api/eperson/epersons/search/byMetadata") - .param("query", "Rossi")) - .andExpect(status().isOk()) - .andExpect(content().contentType(contentType)) - .andExpect(jsonPath("$._embedded.epersons", Matchers.containsInAnyOrder( - EPersonMatcher.matchEPersonEntry(adminChild1), - EPersonMatcher.matchEPersonEntry(adminCol), - EPersonMatcher.matchEPersonEntry(col1Submitter) - ))) - .andExpect(jsonPath("$.page.totalElements", is(3))); - for (String prop : confPropsCommunityAdmins) { + getClient(tokenAdminComm).perform(get("/api/eperson/epersons/search/byMetadata") + .param("query", "Rossi")) + .andExpect(status().isOk()) + .andExpect(content().contentType(contentType)) + .andExpect(jsonPath("$._embedded.epersons", Matchers.containsInAnyOrder( + EPersonMatcher.matchEPersonEntry(adminChild1), + EPersonMatcher.matchEPersonEntry(adminCol), + EPersonMatcher.matchEPersonEntry(col1Submitter) + ))) + .andExpect(jsonPath("$.page.totalElements", is(3))); + configurationService.setProperty(prop, false); } diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/GroupRestRepositoryIT.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/GroupRestRepositoryIT.java index 7a415e2af0..2799d88e2e 100644 --- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/GroupRestRepositoryIT.java +++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/GroupRestRepositoryIT.java 
@@ -44,10 +44,12 @@ import org.dspace.app.rest.model.patch.Operation; import org.dspace.app.rest.model.patch.ReplaceOperation; import org.dspace.app.rest.test.AbstractControllerIntegrationTest; import org.dspace.app.rest.test.MetadataPatchSuite; +import org.dspace.authorize.service.AuthorizeService; import org.dspace.authorize.service.ResourcePolicyService; import org.dspace.content.Collection; import org.dspace.content.Community; import org.dspace.content.factory.ContentServiceFactory; +import org.dspace.content.service.CollectionService; import org.dspace.content.service.CommunityService; import org.dspace.core.Constants; import org.dspace.eperson.EPerson; @@ -70,6 +72,10 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest { ResourcePolicyService resourcePolicyService; @Autowired private ConfigurationService configurationService; + @Autowired + private CollectionService collectionService; + @Autowired + private AuthorizeService authorizeService; @Test public void createTest() 
@@ -2061,17 +2067,17 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest { String tokenAdminCol = getAuthToken(adminCol1.getEmail(), password); String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password); - getClient(tokenAdminCol).perform(get("/api/eperson/groups/search/byMetadata") - .param("query", group1.getName())) - .andExpect(status().isOk()) - .andExpect(content().contentType(contentType)) - .andExpect(jsonPath("$._embedded.groups",Matchers.containsInAnyOrder( - GroupMatcher.matchGroupEntry(group1.getID(), group1.getName()), - GroupMatcher.matchGroupEntry(group2.getID(), group2.getName()), - GroupMatcher.matchGroupEntry(group3.getID(), group3.getName())))) - .andExpect(jsonPath("$.page.totalElements", is(3))); - for (String prop : confPropsCollectionAdmins) { + getClient(tokenAdminCol).perform(get("/api/eperson/groups/search/byMetadata") + .param("query", group1.getName())) + .andExpect(status().isOk()) + .andExpect(content().contentType(contentType)) + .andExpect(jsonPath("$._embedded.groups",Matchers.containsInAnyOrder( + GroupMatcher.matchGroupEntry(group1.getID(), group1.getName()), + GroupMatcher.matchGroupEntry(group2.getID(), group2.getName()), + GroupMatcher.matchGroupEntry(group3.getID(), group3.getName())))) + .andExpect(jsonPath("$.page.totalElements", is(3))); + configurationService.setProperty(prop, false); } 
@@ -2079,17 +2085,17 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest { .param("query", group1.getName())) .andExpect(status().isForbidden()); - getClient(tokenAdminComm).perform(get("/api/eperson/groups/search/byMetadata") - .param("query", group1.getName())) - .andExpect(status().isOk()) - .andExpect(content().contentType(contentType)) - .andExpect(jsonPath("$._embedded.groups",Matchers.containsInAnyOrder( - GroupMatcher.matchGroupEntry(group1.getID(), group1.getName()), - GroupMatcher.matchGroupEntry(group2.getID(), group2.getName()), - GroupMatcher.matchGroupEntry(group3.getID(), group3.getName())))) - .andExpect(jsonPath("$.page.totalElements", is(3))); - for (String prop : confPropsCommunityAdmins) { + getClient(tokenAdminComm).perform(get("/api/eperson/groups/search/byMetadata") + .param("query", group1.getName())) + .andExpect(status().isOk()) + .andExpect(content().contentType(contentType)) + .andExpect(jsonPath("$._embedded.groups",Matchers.containsInAnyOrder( + GroupMatcher.matchGroupEntry(group1.getID(), group1.getName()), + GroupMatcher.matchGroupEntry(group2.getID(), group2.getName()), + GroupMatcher.matchGroupEntry(group3.getID(), group3.getName())))) + .andExpect(jsonPath("$.page.totalElements", is(3))); + configurationService.setProperty(prop, false); } 
@@ -2098,6 +2104,57 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest { .andExpect(status().isForbidden()); } + @Test + public void commAdminManageOwnerAdminGroupTest() throws Exception { + + GroupService groupService = EPersonServiceFactory.getInstance().getGroupService(); + + context.turnOffAuthorisationSystem(); + + EPerson adminChild1 = EPersonBuilder.createEPerson(context) + .withNameInMetadata("Oliver", "Rossi") + .withEmail("adminChild1@example.com") + .withPassword(password) + .build(); + + EPerson submitter1 = EPersonBuilder.createEPerson(context) + .withNameInMetadata("Carl", "Rossi") + .withEmail("submitter1@example.com") + .withPassword(password) + .build(); + + + parentCommunity = CommunityBuilder.createCommunity(context) + .withName("Parent Community") + .build(); + Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity) + .withName("Sub Community") + .withAdminGroup(adminChild1) + .build(); + + Group groupAdmins = child1.getAdministrators(); + + context.restoreAuthSystemState(); + + String tokenCommAdmin = getAuthToken(adminChild1.getEmail(), password); + + assertFalse(groupService.isMember(context, submitter1, groupAdmins)); + + getClient(tokenCommAdmin).perform(post("/api/eperson/groups/" + groupAdmins.getID() + "/epersons") + .contentType(parseMediaType(TEXT_URI_LIST_VALUE)) + .content(REST_SERVER_URL + "eperson/groups/" + submitter1.getID() + )) + .andExpect(status().isNoContent()); + + assertTrue(groupService.isMember(context, submitter1, groupAdmins)); + + getClient(tokenCommAdmin).perform(delete("/api/eperson/groups/" + + groupAdmins.getID() + "/epersons/" + submitter1.getID())) + .andExpect(status().isNoContent()); + + assertFalse(groupService.isMember(context, submitter1, groupAdmins)); + } + @Test public void colAdminManageSubmitterGroupAndAdminGroupTest() throws Exception { 
@@ -2133,7 +2190,6 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest { parentCommunity = CommunityBuilder.createCommunity(context) .withName("Parent Community") - .withAdminGroup(eperson) .build(); Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity) .withName("Sub Community") @@ -2154,6 +2210,7 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest { String tokenAdminCol = getAuthToken(adminCol1.getEmail(), password); assertFalse(groupService.isMember(context, submitter1, groupSubmitters)); + assertFalse(groupService.isMember(context, submitter2, groupSubmitters)); getClient(tokenAdminCol).perform(post("/api/eperson/groups/" + groupSubmitters.getID() + "/epersons") .contentType(parseMediaType(TEXT_URI_LIST_VALUE)) @@ -2218,7 +2275,6 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest { parentCommunity = CommunityBuilder.createCommunity(context) .withName("Parent Community") - .withAdminGroup(eperson) .build(); Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity) .withName("Sub Community") @@ -2264,7 +2320,7 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest { } @Test - public void commAdminManageSubmitterGroupAndAdminGroupTest() throws Exception { + public void commAdminManageSunCollectionOfSubmittersAndAdminsTest() throws Exception { GroupService groupService = EPersonServiceFactory.getInstance().getGroupService(); @@ -2293,7 +2349,6 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest { parentCommunity = CommunityBuilder.createCommunity(context) .withName("Parent Community") - .withAdminGroup(eperson) .build(); Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity) .withName("Sub Community") 
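Review bot: The new method name in the hunk at -2264, `commAdminManageSunCollectionOfSubmittersAndAdminsTest`, looks like a typo for `Sub`. `commAdminManageSubCollectionOfSubmittersAndAdminsTest` would read as intended. These names are the only description of which authorization scenario each test covers, so the spelling matters when searching for coverage.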
@@ -2307,12 +2362,14 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest { .build(); Group groupSubmitters = col1.getSubmitters(); + Group groupAdministrators = col1.getAdministrators(); context.restoreAuthSystemState(); String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password); assertFalse(groupService.isMember(context, submitter1, groupSubmitters)); + assertFalse(groupService.isMember(context, submitter2, groupSubmitters)); getClient(tokenAdminComm).perform(post("/api/eperson/groups/" + groupSubmitters.getID() + "/epersons") .contentType(parseMediaType(TEXT_URI_LIST_VALUE)) @@ -2324,10 +2381,25 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest { assertTrue(groupService.isMember(context, submitter1, groupSubmitters)); assertTrue(groupService.isMember(context, submitter2, groupSubmitters)); + getClient(tokenAdminComm).perform(delete("/api/eperson/groups/" + + groupSubmitters.getID() + "/epersons/" + submitter1.getID())) + .andExpect(status().isNoContent()); + + assertFalse(groupService.isMember(context, submitter1, groupSubmitters)); + assertTrue(groupService.isMember(context, submitter2, groupSubmitters)); + + assertTrue(groupService.isMember(context, adminCol1, groupAdministrators)); + getClient(tokenAdminComm).perform(delete("/api/eperson/groups/" + + groupAdministrators.getID() + "/epersons/" + adminCol1.getID())) + .andExpect(status().isNoContent()); + + assertFalse(groupService.isMember(context, adminCol1, groupAdministrators)); + } + @Test - public void commAdminDeleteColAdminFromAdminGroupTest() throws Exception { + public void commAdminAndColAdminCanManageItemReadGroupTest() throws Exception { GroupService groupService = EPersonServiceFactory.getInstance().getGroupService(); 
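Review bot: In the hunk at -2324, the test stops at `assertFalse(groupService.isMember(context, adminCol1, groupAdministrators))` after removing `adminCol1`. Nothing checks that the removal actually revokes adminCol1's ability to manage the collection's groups. The test this block was folded in from (its body is removed in the hunk at -2364) followed the delete with a POST to the submitters group using the collection admin's token and expected `status().isForbidden()`. I would keep that step here, obtaining the token with `getAuthToken(adminCol1.getEmail(), password)`, so the revocation path stays covered. The start of this test method is outside the hunk.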
@@ -2348,10 +2420,14 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest { .withEmail("submitter1@example.com") .withPassword(password) .build(); + EPerson submitter2 = EPersonBuilder.createEPerson(context) + .withNameInMetadata("Robert", "Clarks") + .withEmail("submitter2@example.com") + .withPassword(password) + .build(); parentCommunity = CommunityBuilder.createCommunity(context) .withName("Parent Community") - .withAdminGroup(eperson) .build(); Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity) .withName("Sub Community") 
@@ -2364,30 +2440,207 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest { .withSubmitterGroup(eperson) .build(); - Group groupAdministrators = col1.getAdministrators(); - Group groupSubmitters = col1.getSubmitters(); + String itemGroupString = "ITEM"; + int defaultItemRead = Constants.DEFAULT_ITEM_READ; + Group itemReadGroup = collectionService.createDefaultReadGroup(context, col1, itemGroupString, defaultItemRead); context.restoreAuthSystemState(); String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password); - String tokenAdminCol = getAuthToken(adminCol1.getEmail(), password); + String tokenAdminCol = getAuthToken(adminChild1.getEmail(), password); - assertTrue(groupService.isMember(context, adminCol1, groupAdministrators)); + assertFalse(groupService.isMember(context, submitter1, itemReadGroup)); + assertFalse(groupService.isMember(context, submitter2, itemReadGroup)); - getClient(tokenAdminComm).perform(delete("/api/eperson/groups/" - + groupAdministrators.getID() + "/epersons/" + adminCol1.getID())) - .andExpect(status().isNoContent()); + getClient(tokenAdminCol).perform(post("/api/eperson/groups/" + itemReadGroup.getID() + "/epersons") + .contentType(parseMediaType(TEXT_URI_LIST_VALUE)) + .content(REST_SERVER_URL + "eperson/groups/" + submitter1.getID())) + .andExpect(status().isNoContent()); - assertFalse(groupService.isMember(context, adminCol1, groupAdministrators)); - assertFalse(groupService.isMember(context, submitter1, groupSubmitters)); + assertTrue(groupService.isMember(context, submitter1, itemReadGroup)); - getClient(tokenAdminCol).perform(post("/api/eperson/groups/" + groupSubmitters.getID() + "/epersons") - .contentType(parseMediaType(TEXT_URI_LIST_VALUE)) - .content(REST_SERVER_URL + "eperson/groups/" + submitter1.getID() - )) - .andExpect(status().isForbidden()); - assertFalse(groupService.isMember(context, submitter1, groupSubmitters)); + getClient(tokenAdminComm).perform(post("/api/eperson/groups/" + 
itemReadGroup.getID() + "/epersons") + .contentType(parseMediaType(TEXT_URI_LIST_VALUE)) + .content(REST_SERVER_URL + "eperson/groups/" + submitter2.getID())) + .andExpect(status().isNoContent()); + + assertTrue(groupService.isMember(context, submitter2, itemReadGroup)); + + getClient(tokenAdminComm).perform(delete("/api/eperson/groups/" + + itemReadGroup.getID() + "/epersons/" + submitter2.getID())) + .andExpect(status().isNoContent()); + + assertFalse(groupService.isMember(context, submitter2, itemReadGroup)); + + getClient(tokenAdminCol).perform(delete("/api/eperson/groups/" + + itemReadGroup.getID() + "/epersons/" + submitter1.getID())) + .andExpect(status().isNoContent()); + + assertFalse(groupService.isMember(context, submitter1, itemReadGroup)); } + + @Test + public void commAdminAndColAdminCanManageBitstreamReadGroupTest() throws Exception { + + GroupService groupService = EPersonServiceFactory.getInstance().getGroupService(); + + context.turnOffAuthorisationSystem(); + + EPerson adminChild1 = EPersonBuilder.createEPerson(context) + .withNameInMetadata("Oliver", "Rossi") + .withEmail("adminChild1@example.com") + .withPassword(password) + .build(); + EPerson adminCol1 = EPersonBuilder.createEPerson(context) + .withNameInMetadata("James", "Rossi") + .withEmail("adminCol1@example.com") + .withPassword(password) + .build(); + EPerson submitter1 = EPersonBuilder.createEPerson(context) + .withNameInMetadata("Carl", "Rossi") + .withEmail("submitter1@example.com") + .withPassword(password) + .build(); + EPerson submitter2 = EPersonBuilder.createEPerson(context) + .withNameInMetadata("Robert", "Clarks") + .withEmail("submitter2@example.com") + .withPassword(password) + .build(); + + parentCommunity = CommunityBuilder.createCommunity(context) + .withName("Parent Community") + .build(); + Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity) + .withName("Sub Community") + .withAdminGroup(adminChild1) + .build(); + + Collection col1 = 
CollectionBuilder.createCollection(context, child1) + .withName("Collection 1") + .withAdminGroup(adminCol1) + .withSubmitterGroup(eperson) + .build(); + + String bitstreamGroupString = "BITSTREAM"; + int defaultBitstreamRead = Constants.DEFAULT_BITSTREAM_READ; + + Group bitstreamReadGroup = collectionService.createDefaultReadGroup(context, col1, bitstreamGroupString, + defaultBitstreamRead); + + context.restoreAuthSystemState(); + + String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password); + String tokenAdminCol = getAuthToken(adminChild1.getEmail(), password); + + assertFalse(groupService.isMember(context, submitter1, bitstreamReadGroup)); + assertFalse(groupService.isMember(context, submitter2, bitstreamReadGroup)); + + getClient(tokenAdminCol).perform(post("/api/eperson/groups/" + bitstreamReadGroup.getID() + "/epersons") + .contentType(parseMediaType(TEXT_URI_LIST_VALUE)) + .content(REST_SERVER_URL + "eperson/groups/" + submitter1.getID())) + .andExpect(status().isNoContent()); + + assertTrue(groupService.isMember(context, submitter1, bitstreamReadGroup)); + + + getClient(tokenAdminComm).perform(post("/api/eperson/groups/" + bitstreamReadGroup.getID() + "/epersons") + .contentType(parseMediaType(TEXT_URI_LIST_VALUE)) + .content(REST_SERVER_URL + "eperson/groups/" + submitter2.getID())) + .andExpect(status().isNoContent()); + + assertTrue(groupService.isMember(context, submitter2, bitstreamReadGroup)); + + getClient(tokenAdminComm).perform(delete("/api/eperson/groups/" + + bitstreamReadGroup.getID() + "/epersons/" + submitter2.getID())) + .andExpect(status().isNoContent()); + + assertFalse(groupService.isMember(context, submitter2, bitstreamReadGroup)); + + getClient(tokenAdminCol).perform(delete("/api/eperson/groups/" + + bitstreamReadGroup.getID() + "/epersons/" + submitter1.getID())) + .andExpect(status().isNoContent()); + + assertFalse(groupService.isMember(context, submitter1, bitstreamReadGroup)); + + } + + @Test + public void 
commAdminAndColAdminCanManageWorkflowGroupsTest() throws Exception { + GroupService groupService = EPersonServiceFactory.getInstance().getGroupService(); + context.turnOffAuthorisationSystem(); + + EPerson adminChild1 = EPersonBuilder.createEPerson(context) + .withNameInMetadata("Oliver", "Rossi") + .withEmail("adminChild1@example.com") + .withPassword(password) + .build(); + EPerson adminCol1 = EPersonBuilder.createEPerson(context) + .withNameInMetadata("James", "Rossi") + .withEmail("adminCol1@example.com") + .withPassword(password) + .build(); + EPerson submitter1 = EPersonBuilder.createEPerson(context) + .withNameInMetadata("Carl", "Rossi") + .withEmail("submitter1@example.com") + .withPassword(password) + .build(); + EPerson submitter2 = EPersonBuilder.createEPerson(context) + .withNameInMetadata("Robert", "Clarks") + .withEmail("submitter2@example.com") + .withPassword(password) + .build(); + + parentCommunity = CommunityBuilder.createCommunity(context) + .withName("Parent Community") + .build(); + Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity) + .withName("Sub Community") + .withAdminGroup(adminChild1) + .build(); + + Collection col1 = CollectionBuilder.createCollection(context, child1) + .withName("Collection 1") + .withAdminGroup(adminCol1) + .withWorkflowGroup(1, eperson) + .withWorkflowGroup(2, eperson) + .build(); + + Group workflowGroupStep1 = col1.getWorkflowStep1(context); + Group workflowGroupStep2 = col1.getWorkflowStep2(context); + + context.restoreAuthSystemState(); + + assertFalse(groupService.isMember(context, submitter1, workflowGroupStep1)); + assertFalse(groupService.isMember(context, submitter2, workflowGroupStep2)); + + String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password); + String tokenAdminCol = getAuthToken(adminChild1.getEmail(), password); + + getClient(tokenAdminComm).perform(post("/api/eperson/groups/" + workflowGroupStep1.getID() + "/epersons") + 
.contentType(parseMediaType(TEXT_URI_LIST_VALUE)) + .content(REST_SERVER_URL + "eperson/groups/" + submitter1.getID())) + .andExpect(status().isNoContent()); + + assertTrue(groupService.isMember(context, submitter1, workflowGroupStep1)); + + getClient(tokenAdminCol).perform(post("/api/eperson/groups/" + workflowGroupStep2.getID() + "/epersons") + .contentType(parseMediaType(TEXT_URI_LIST_VALUE)) + .content(REST_SERVER_URL + "eperson/groups/" + submitter2.getID())) + .andExpect(status().isNoContent()); + + assertTrue(groupService.isMember(context, submitter2, workflowGroupStep2)); + + getClient(tokenAdminComm).perform(delete("/api/eperson/groups/" + + workflowGroupStep2.getID() + "/epersons/" + submitter2.getID())) + .andExpect(status().isNoContent()); + + getClient(tokenAdminCol).perform(delete("/api/eperson/groups/" + + workflowGroupStep1.getID() + "/epersons/" + submitter1.getID())) + .andExpect(status().isNoContent()); + + assertFalse(groupService.isMember(context, submitter1, workflowGroupStep1)); + assertFalse(groupService.isMember(context, submitter2, workflowGroupStep2)); + } }
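Review bot: In all three tests added by the hunk at -2364, `tokenAdminCol` is obtained with the community admin's credentials: `String tokenAdminCol = getAuthToken(adminChild1.getEmail(), password);`. The affected tests are `commAdminAndColAdminCanManageItemReadGroupTest`, `commAdminAndColAdminCanManageBitstreamReadGroupTest` and `commAdminAndColAdminCanManageWorkflowGroupsTest`. Every request therefore runs as `adminChild1`, and the collection-admin path these tests are named for is never exercised, although it is the path the new default-read-group authorization is meant to open. The line this replaces used `adminCol1`; it should read `String tokenAdminCol = getAuthToken(adminCol1.getEmail(), password);` in each of the three methods. Once that is fixed, a request from a user who administers neither the collection nor the community, expecting 403, would show the new rule is not wider than intended.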